[virus] ouverture fenetre pub + ie tres lent

Résolu

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention -
pascal - 17 févr. 2011 à 06:56

Bonjour,
Comme vous m'avez deja tres bien aidé pour le meme probleme il y a 6 mois je reviens vers vous. donc depuis 1 mois environ ie est tres lent et plante. et depuis une semaine des pages internet souvrent toutes seules avec en plus des pages de pubs :des jeux (tanoth ou Ikarian), des pub antispyware ...

et depuis 2 jours firefox a les meme symptomes

j'ai effectuer un nettoyage ccleaner

d'avance je vous remerci de vous occuper de mon cas ci joint une analyse hijackthis et une analyse
navilog1

que dois je faire ensuite svp

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:53, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Windows\system32\CISVC.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUomjKc.dll,#1
O4 - HKLM\..\Run: [6cc17e98] rundll32.exe "C:\Windows\system32\rgxfdvsi.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SE946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\frederic\AppData\Local\Temp\urqPjGvt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\vtUopOhg.dll,c
O4 - HKCU\..\Run: [6cc17e98] rundll32.exe "C:\Users\frederic\AppData\Local\Temp\wnejmijg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - https://www.allocam.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: EPGService - Unknown owner - J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

Afficher la suite

A voir également:

[virus] ouverture fenetre pub + ie tres lent
Pc tres lent - Guide
Supprimer pub youtube - Accueil - Streaming
Mon mac est lent comment le nettoyer - Guide
Virus mcafee - Accueil - Piratage
Stop pub gratuit - Télécharger - Divers Utilitaires

35 réponses

Réponse 21 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

Avira AntiVir Premium
Report file date: mercredi 11 juin 2008 14:31

Scanning for 1321205 virus strains and unwanted programs.

Licensed to: frederic saulnier
Serial number: 1100813982-PEPWE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-FREDERIC

Version information:
BUILD.DAT : 8.1.0.344 19214 Bytes 28/05/2008 17:00:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 17:41:34
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 17:41:34
LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 17:41:37
LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 17:41:37
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:27:57
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 09:19:57
ANTIVIR3.VDF : 7.0.4.169 252416 Bytes 10/06/2008 09:55:31
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 17:41:40
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 07/06/2008 09:20:47
AESCN.DLL : 8.1.0.21 119156 Bytes 07/06/2008 09:20:46
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 17:29:43
AEPACK.DLL : 8.1.1.5 364918 Bytes 16/05/2008 10:03:57
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 17:29:36
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 07/06/2008 09:20:45
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 09:20:00
AEGEN.DLL : 8.1.0.28 307572 Bytes 07/06/2008 09:20:43
AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 20:53:07
AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 09:20:42
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 17:41:34
AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 17:41:34
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 17:41:34
AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 17:41:32
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 17:41:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 17:41:38
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 17:41:38
NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 17:41:37
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 14/04/2008 17:41:29
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 17:41:29

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 11 juin 2008 14:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'robotaskbaricon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'TF1vision.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wmdSync.exe' - '1' Module(s) have been scanned
Scan process 'STOPzilla.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HDPBSSS.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SZServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
67 processes with 67 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '11' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <TEMPORAIRE>
Begin scan in 'E:\' <jeux/films>

End of the scan: mercredi 11 juin 2008 15:26
Used time: 55:25 min

The scan has been done completely.

23389 Scanning directories
398299 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
398299 Files not concerned
2583 Archives were scanned
1 Warnings
0 Notes

Réponse 22 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

ComboFix 08-06-10.3 - frederic 2008-06-11 15:43:21.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1266 [GMT 2:00]
Endroit: C:\Users\frederic\Desktop\ComboFix.exe
Command switches used :: C:\Users\frederic\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\lusrcdmk.dll
C:\Windows\system32\rynbvksv.dll
C:\Windows\system32\urqQhHyA.dll
C:\Windows\system32\vtUopOhg.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 13:41 --------- d-----w C:\ProgramData\STOPzilla!
2008-06-11 11:35 --------- d-----w C:\Users\frederic\AppData\Roaming\Malwarebytes
2008-06-11 11:35 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-11 11:35 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 11:13 --------- d-----w C:\ProgramData\Google Updater
2008-06-11 10:54 2,359,296 --sha-w C:\Users\Invité\ntuser.dat
2008-06-11 10:54 2,359,296 --sha-w C:\Users\Invité\ntuser.dat
2008-06-11 10:35 --------- d-----w C:\Program Files\Navilog1
2008-06-11 09:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-11 09:27 --------- d-----w C:\Program Files\Trend Micro
2008-06-10 17:02 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-10 14:00 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-10 14:00 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-06-10 12:47 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-09 10:15 --------- d-----w C:\Users\frederic\AppData\Roaming\GrabIt
2008-06-06 10:48 --------- d-----w C:\Program Files\WarRock
2008-06-04 19:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-04 19:15 --------- d-----w C:\Program Files\Sudden Strike 3
2008-06-04 19:11 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-06-04 19:11 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-06-04 16:24 --------- d-----w C:\Program Files\PulsRadio
2008-06-04 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 12:53 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-06-04 11:58 --------- d-----w C:\Program Files\Microsoft Games
2008-06-04 11:28 --------- d-----w C:\Program Files\DivX
2008-06-04 11:20 --------- d-----w C:\Users\frederic\AppData\Roaming\DivX
2008-06-02 09:12 --------- d-----w C:\Program Files\IEDP2
2008-05-30 16:15 --------- d-----w C:\Users\frederic\AppData\Roaming\gtk-2.0
2008-05-29 10:11 --------- d-----w C:\Program Files\STOPzilla!
2008-05-29 09:13 --------- d-----w C:\Users\frederic\AppData\Roaming\teamspeak2
2008-05-29 08:44 --------- d-----w C:\Program Files\VentSrv
2008-05-29 08:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 09:41 --------- d-----w C:\Program Files\Micro Application
2008-05-24 20:50 --------- d-----w C:\Program Files\RayV
2008-05-23 14:49 --------- d-----w C:\Users\frederic\AppData\Roaming\tunebite
2008-05-20 18:01 --------- d-----w C:\ProgramData\SpinTop Games
2008-05-20 11:52 --------- d-----w C:\ProgramData\Zylom
2008-05-19 22:19 --------- d-----w C:\Program Files\Dream Chronicles 2
2008-05-19 22:14 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-19 21:58 --------- d-----w C:\ProgramData\PlayFirst
2008-05-19 21:13 --------- d-----w C:\Users\frederic\AppData\Roaming\PlayFirst
2008-05-15 20:41 --------- d-----w C:\Users\frederic\AppData\Roaming\EPSON
2008-05-15 05:41 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 05:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:18 --------- d-----w C:\Program Files\RealArcade
2008-05-14 14:17 --------- d-----w C:\Program Files\Winamp
2008-05-14 14:11 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 11:35 --------- d-----w C:\Program Files\Maxi-Motamo
2008-05-14 11:32 --------- d-----w C:\Users\frederic\AppData\Roaming\System
2008-05-13 06:29 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-12 12:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-11 08:35 --------- d-----w C:\Program Files\Real
2008-05-05 21:48 --------- d-----w C:\ProgramData\HipSoft
2008-05-05 10:51 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 16:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-29 19:44 --------- d-----w C:\Program Files\Google
2008-04-29 15:02 --------- d-----w C:\Program Files\Replay Music 3
2008-04-29 15:01 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-25 09:32 --------- d-----w C:\Users\Emilie\AppData\Roaming\Logitech
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder
2008-04-23 16:16 --------- d-----w C:\Program Files\Conduit
2008-04-23 10:15 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 16:07 --------- d-----w C:\ProgramData\Aliasworlds
2008-04-19 09:29 --------- d-----w C:\ProgramData\Avira
2008-04-19 02:29 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-04-19 02:29 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-04-19 02:21 --------- d-----w C:\Program Files\SereneScreen
2008-04-14 10:30 --------- d-----w C:\Program Files\Cheat 'O Matic
2008-04-12 17:02 --------- d-----w C:\Program Files\TF1Vision
2008-04-12 10:08 --------- d-----w C:\Program Files\CDex_170b2
2008-03-28 17:32 12,176,896 ----a-w C:\Windows\System32\Deep Space 3D Screensaver.exe
2008-03-28 17:00 847,360 ----a-w C:\Windows\System32\Deep_Space_3D_Screensaver.scr
2008-03-28 15:08 458,752 ----a-w C:\Windows\System32\3Planesoft_Screensaver_Manager.scr
2007-12-19 22:18 22,328 ----a-w C:\Users\frederic\AppData\Roaming\PnkBstrK.sys
2007-11-28 12:56 42 ----a-w C:\Program Files\Init
2007-08-31 15:10 174 --sha-w C:\Program Files\desktop.ini
2007-05-28 19:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Users\frederic\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Users\frederic\instmsia.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-11_13.11.16.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 11:01:40 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-11 13:39:56 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-11 11:01:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-11 13:39:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-11 11:01:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-11 13:39:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-11 11:03:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-11 13:41:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-11 13:41:49 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-11 11:03:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-11 13:41:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-11 13:41:43 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-11 10:33:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-11 13:40:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-11 10:33:37 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-11 13:40:17 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-11 10:33:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-11 13:40:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-11 11:04:30 18,106 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-231530408-2541159528-4093877076-1000_UserData.bin
+ 2008-06-11 13:42:04 18,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-231530408-2541159528-4093877076-1000_UserData.bin
- 2008-06-11 11:04:30 80,304 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-11 13:42:03 80,398 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-11 10:35:18 80,908 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-11 13:41:59 81,150 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2007-10-19 09:24 1790776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-05-29 13:39 5724184]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 16:00 182272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 21:39 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-03 22:23 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-04-14 19:41 262401]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 12:47 397312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 10:35 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 20:16:46 789008]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-29 21:39:40 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnacVOD]
C:\Program Files\fnacVOD\fnacVOD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDA51E78-7771-4E60-B0BD-0F909CC19315}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{23F7FA4B-30D2-4D5C-9D74-F99A26741094}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{16C0A37D-D82E-493F-8780-3B80C1DABA51}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{62EB5534-B5C1-452F-BE5E-CFDD57C458B2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{699D9D3A-4053-4C32-AFE7-97D06CC37056}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{F46F3874-B2DF-48C7-B2FE-9AA9A7BDFA47}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{8EBC7797-3211-470B-BF78-8B4CAAF1C2DE}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{D597AEE9-2805-41C9-AC55-8756300A8C1A}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{B6CC8583-FBBA-4D90-8460-DFB5E0F8F73F}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{2DFFC29E-85AF-4B4C-B08A-8E4BCA225A4C}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{6E044BC1-3C3D-4A43-A36C-B9FA1F24C2F8}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{85565CB8-D766-4CE1-A1D7-EC2F06D56D0D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{9E6271DA-D147-4D25-B8DB-4496680E1D2E}"= UDP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{6E95B806-4F8A-4BA7-9381-F24557389A3D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{13D787A6-DCF2-4651-83BD-D07DA13AC9CF}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{4EAEE5C2-CDA8-4255-99C8-D94DA4E1BCC5}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{DF763F49-9315-400D-828C-FD5B53BF2D13}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{F8F4AE8E-5D89-4FBE-849D-B6480125E811}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{72DCF2D9-2006-403F-813F-FA22245A991B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EE600911-60C3-4C08-BF88-7FBC6D1784A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CA211251-5672-4A84-BF2C-BC74450FFA21}"= UDP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{117BA98D-97C1-4AE3-9648-3155F6B740A7}"= TCP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{B186140F-19D9-4566-8F48-575FF5E3A23E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D3239B80-FBF6-40E9-8F48-C49AB64CD28A}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= UDP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"UDP Query User{CFCB1908-0B61-463D-94A9-905EE7E01255}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= TCP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"{47104578-6A78-4FAD-A71E-35354CC31E5E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8912BD10-9BD4-448F-B473-1AB1ECDEE71D}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{4DA9D651-C7B2-468C-831E-4E4B90DD307E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{076F64E3-0829-4ED9-83D4-EA7996FE6BDC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2A38049E-8004-4395-9957-679A4FD2AC49}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6E5710DE-16B3-4384-AC0E-923DA5C96295}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{79DE53FD-47DF-4EBF-BB8D-599BCCE8C242}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{C857DA63-0306-4D3F-830A-20A80ABB026B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F19AF496-F1A4-4215-BE45-551EEC2295EA}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{14CE4F04-2D64-4E2E-B4A9-376046425F2C}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{CE89A6E4-3D87-450C-8D2A-6B37E1FAAED0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5A069EA-E9B4-4E8E-A377-430FEB888101}"= UDP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"{92397BC4-79E1-4FC7-949E-3A2F697953BD}"= TCP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"TCP Query User{DFDA3337-753C-4906-8AD3-E302ACA0A0AF}C:\\program files\\allocam multi visio\\allocam.exe"= UDP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"UDP Query User{0027B833-14AB-402C-88EF-6BB2A721FB3D}C:\\program files\\allocam multi visio\\allocam.exe"= TCP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"{A9EE2371-9F39-42D3-9468-BA7D3C57780D}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C72BAA33-E96D-4531-9441-F0EB59A91051}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{111B2816-1B62-454A-9FE5-C5B2B47E107C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9A8EAE1F-34D5-43F8-96E3-5C1E785BB9A4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B205DAAD-B42A-4333-A439-AB8693ACB72A}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= UDP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"UDP Query User{E90F3CFE-45AF-486F-A62B-EC84DD144481}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= TCP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"{6A0F86D2-2973-4164-A673-06C54933F0BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BB46A7FF-8203-4378-BDB0-D7810F943B6E}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{455C1855-25BA-4157-847A-36BDADDAC47B}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{67E03889-E93C-4047-9BF5-0DFA6937C0B9}C:\\program files\\safari\\safari.exe"= UDP:C:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{607202CD-7C77-4A0F-BA58-DE499A85CC3D}C:\\program files\\safari\\safari.exe"= TCP:C:\program files\safari\safari.exe:Safari Web Browser
"{2538D5C3-8E2E-4872-9268-788A942B898C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B3E2F069-D82C-4EF9-ACD9-9CCDEE5BD28A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{065DF47C-B03A-48A9-B87A-16141A964B39}C:\\program files\\warrock\\system\\warrock.exe"= UDP:C:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{28EFD4CE-930B-4D0B-8B78-784BA7BE7774}C:\\program files\\warrock\\system\\warrock.exe"= TCP:C:\program files\warrock\system\warrock.exe:WarRock
"{F34B3DA7-43F6-4B23-85F6-FBC14F01A52D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7467093A-3164-4E3F-8754-D25E7C52F8F8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{63037BD3-3934-43A2-8297-85C288F1F229}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{6F501AFF-DE91-4292-A487-8466EE07552B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{D456867E-EFB8-47F8-AA13-9F1A2CB859B6}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{0156D569-342C-4AF2-A8D5-CED27026A6C8}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"TCP Query User{199AF94B-0162-4F36-9E52-8842FFF3BD07}C:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{EBCF9274-59DC-4EF7-85FC-724CB9F00B6B}C:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{EF92345B-6085-430B-B6AB-937235612DD4}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{A20B4E94-D633-4F7D-AB24-E0CB7F64C243}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{74DCB3D3-4180-4074-99EA-9B347CF84AF9}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{14A8A063-C4DD-4C4C-9AE6-8FBFFE341E36}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\ALLOCA~1\\allocam.exe"= C:\PROGRA~1\ALLOCA~1\allocam.exe:*:Enabled:Multi Video
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"6667:UDP"= 6667:UDP:*:Enabled:TOTOCAM UDP
"6666:TCP"= 6666:TCP:*:Enabled:TOTOCAM TCP

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-11 09:40]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-14 19:41]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-04-14 19:41]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S2 EPGService;EPGService;J:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S3 netr73;Sitecom RT73 Wireless Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 17:40]
S3 USB28xxBGA;WinTV HVR-900;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8be4d5da-0d1e-11dc-9843-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d92368-a33f-11dc-93d1-0018f3097dae}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-05 21:57:04 C:\Windows\Tasks\Auto Backup for frederic.job"
- C:\Program Files\Packard Bell\Packard Bell Software Suite\DSMsg.exe
"2008-06-11 12:35:12 C:\Windows\Tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 15:48:25
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-11 15:49:32
ComboFix-quarantined-files.txt 2008-06-11 13:49:26
ComboFix2.txt 2008-06-11 11:12:02

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

323 --- E O F --- 2008-05-30 09:25:22

Réponse 23 / 35

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

ok tu peux réactiver le compte utilisateur

encore des soucis????

Réponse 24 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

salut

ben en fait apres toutes les modif effectués je n'arrivais plus a redemarrer mon pc. jai fait une restauration systeme a 1 semaine mais donc tous mais problemes sont revenus au secours

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 35

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

recolle un rapport combofix et hijakchtis

Réponse 26 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

au secours, j'ai un trojan tr/Vundo gen qui m'enpeche totalement d' utiliser le pc avec l'antivirus en marche

Réponse 27 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

dernier log hijack

Logfile of HijackThis v1.99.1
Scan saved at 13:33:33, on 20/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\STOPzilla!\SZBlkLst.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\frederic\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {3d2674a3-fd73-e83a-2624-f170a0428856} - {6588240a-071f-4262-a38e-37df3a4762d3} - C:\Windows\system32\foxicokc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {EFDBD4FF-1CE8-45F4-886D-471A90C74DBD} - C:\Windows\system32\awtspMec.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SE946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {3E9BAF2D-7A79-11D2-9334-0000F875AE17} - https://www.allocam.com
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Réponse 28 / 35

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\foxicokc.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_____________

colle un rapport combofix

Réponse 29 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

encore merci de t'occuper de moi

ComboFix 08-06-19.2 - frederic 2008-06-20 13:52:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.807 [GMT 2:00]
Endroit: C:\Users\frederic\Desktop\killbagle.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\fbdzj.exe
C:\Windows\ftebh.exe
C:\Windows\pack.epk
C:\Windows\system32\awtqnoNH.dll
C:\Windows\system32\awtspMec.dll
C:\Windows\system32\bcqywkfh.ini
C:\Windows\system32\bpqcwptt.ini
C:\Windows\System32\ceMpstwa.ini
C:\Windows\System32\ceMpstwa.ini2
C:\Windows\system32\clqfcgeo.dll
C:\Windows\system32\cphpqjxa.ini
C:\Windows\system32\cqsncajr.dll
C:\Windows\system32\dwxoalmm.dll
C:\Windows\System32\fkgvtoux.ini
C:\Windows\system32\foxicokc.dll
C:\Windows\System32\ghOpoUtv.ini
C:\Windows\System32\ghOpoUtv.ini2
C:\Windows\system32\hfkwyqcb.dll
C:\Windows\System32\HNonqtwa.ini
C:\Windows\System32\HNonqtwa.ini2
C:\Windows\system32\iifecdCS.dll
C:\Windows\system32\itnqrncn.dll
C:\Windows\system32\jmlgawie.dll
C:\Windows\system32\jyyifkmu.dll
C:\Windows\system32\lelfxhqt.ini
C:\Windows\system32\lkuwmllh.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mhimsxjt.dll
C:\Windows\system32\ncgfkcsv.dll
C:\Windows\system32\oegcfqlc.ini
C:\Windows\system32\oxtxhssn.dll
C:\Windows\system32\tkquhpew.dll
C:\Windows\system32\vdvuvjds.ini
C:\Windows\system32\vtUopOhg.dll
C:\Windows\system32\vvsmqlbc.dll
C:\Windows\system32\xuotvgkf.dll
C:\Windows\system32\ybuohugf.dll
C:\Windows\system32\yrqoqrer.dll
C:\Windows\system32\ysgdaprt.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 12:00 --------- d-----w C:\ProgramData\STOPzilla!
2008-06-20 11:32 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-20 10:53 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-20 10:53 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-06-20 07:36 --------- d-----w C:\Program Files\WarRock
2008-06-19 21:35 30,544 ----a-w C:\Windows\dirdib.drv
2008-06-19 21:35 30,464 ----a-w C:\Windows\macromix.dll
2008-06-19 16:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-19 15:57 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-06-19 12:18 --------- d-----w C:\Users\frederic\AppData\Roaming\gtk-2.0
2008-06-18 09:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 09:45 --------- d-----w C:\Program Files\Mio Technology
2008-06-17 07:48 --------- d-----w C:\Program Files\e-Carte Bleue La Banque Postale
2008-06-16 18:53 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-16 18:28 --------- d-----w C:\ProgramData\WLInstaller
2008-06-16 10:05 --------- d-----w C:\Program Files\Windows Mail
2008-06-16 09:53 --------- d-----w C:\Users\frederic\AppData\Roaming\Windows Live Writer
2008-06-15 15:08 --------- d-----w C:\Program Files\Rockstar Games
2008-06-15 14:59 --------- d-----w C:\Program Files\VDMSound
2008-06-15 14:26 --------- d-----w C:\Users\frederic\AppData\Roaming\GrabIt
2008-06-14 10:03 --------- d-----w C:\Program Files\Click'N Design 3D (V5)
2008-06-14 08:30 --------- d-----w C:\Program Files\CDex_170b2
2008-06-12 12:42 --------- d-----w C:\Users\frederic\AppData\Roaming\tunebite
2008-06-12 11:59 --------- d-----w C:\Program Files\vtplus
2008-06-12 11:57 --------- d-----w C:\Program Files\VentSrv
2008-06-12 11:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 11:53 --------- d-----w C:\Program Files\Sitecom
2008-06-12 11:41 --------- d-----w C:\Program Files\STOPzilla!
2008-06-11 20:58 --------- d-----w C:\ProgramData\Google Updater
2008-06-11 20:44 --------- d-----w C:\Users\frederic\AppData\Roaming\teamspeak2
2008-06-11 20:44 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-11 11:35 --------- d-----w C:\Users\frederic\AppData\Roaming\Malwarebytes
2008-06-11 11:35 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-11 11:35 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 10:35 --------- d-----w C:\Program Files\Navilog1
2008-06-11 09:27 --------- d-----w C:\Program Files\Trend Micro
2008-06-04 19:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-04 19:15 --------- d-----w C:\Program Files\Sudden Strike 3
2008-06-04 12:53 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-06-04 11:58 --------- d-----w C:\Program Files\Microsoft Games
2008-06-04 11:28 --------- d-----w C:\Program Files\DivX
2008-06-04 11:20 --------- d-----w C:\Users\frederic\AppData\Roaming\DivX
2008-06-02 09:12 --------- d-----w C:\Program Files\IEDP2
2008-05-27 09:41 --------- d-----w C:\Program Files\Micro Application
2008-05-20 18:01 --------- d-----w C:\ProgramData\SpinTop Games
2008-05-20 11:52 --------- d-----w C:\ProgramData\Zylom
2008-05-19 22:19 --------- d-----w C:\Program Files\Dream Chronicles 2
2008-05-19 22:14 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-19 21:58 --------- d-----w C:\ProgramData\PlayFirst
2008-05-19 21:13 --------- d-----w C:\Users\frederic\AppData\Roaming\PlayFirst
2008-05-15 20:41 --------- d-----w C:\Users\frederic\AppData\Roaming\EPSON
2008-05-14 14:18 --------- d-----w C:\Program Files\RealArcade
2008-05-14 14:17 --------- d-----w C:\Program Files\Winamp
2008-05-14 14:11 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 11:32 --------- d-----w C:\Users\frederic\AppData\Roaming\System
2008-05-13 06:29 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-12 12:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-11 08:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-11 08:35 --------- d-----w C:\Program Files\Real
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-05 21:48 --------- d-----w C:\ProgramData\HipSoft
2008-05-05 10:51 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 16:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-29 19:44 --------- d-----w C:\Program Files\Google
2008-04-29 15:02 --------- d-----w C:\Program Files\Replay Music 3
2008-04-29 15:01 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 09:32 --------- d-----w C:\Users\Emilie\AppData\Roaming\Logitech
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-04-23 16:16 --------- d-----w C:\Program Files\Freecorder
2008-04-23 16:16 --------- d-----w C:\Program Files\Conduit
2008-04-23 10:15 --------- d-----w C:\Program Files\LogMeIn
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-20 16:07 --------- d-----w C:\ProgramData\Aliasworlds
2008-03-28 17:32 12,176,896 ----a-w C:\Windows\System32\Deep Space 3D Screensaver.exe
2008-03-28 17:00 847,360 ----a-w C:\Windows\System32\Deep_Space_3D_Screensaver.scr
2007-12-19 22:18 22,328 ----a-w C:\Users\frederic\AppData\Roaming\PnkBstrK.sys
2007-11-28 12:56 42 ----a-w C:\Program Files\Init
2007-08-31 15:10 174 --sha-w C:\Program Files\desktop.ini
2007-05-28 19:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Users\frederic\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Users\frederic\instmsia.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2007-10-19 09:24 1790776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 16:00 182272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 21:39 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-14 10:17 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 11:45 215552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-04-14 19:41 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 10:35 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
e-Carte Bleue La Banque Postale.lnk - C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe [2008-06-17 09:48:14 278528]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 20:16:46 789008]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-29 21:39:40 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnacVOD]
C:\Program Files\fnacVOD\fnacVOD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDA51E78-7771-4E60-B0BD-0F909CC19315}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{23F7FA4B-30D2-4D5C-9D74-F99A26741094}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{16C0A37D-D82E-493F-8780-3B80C1DABA51}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{62EB5534-B5C1-452F-BE5E-CFDD57C458B2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{699D9D3A-4053-4C32-AFE7-97D06CC37056}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{F46F3874-B2DF-48C7-B2FE-9AA9A7BDFA47}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{8EBC7797-3211-470B-BF78-8B4CAAF1C2DE}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{D597AEE9-2805-41C9-AC55-8756300A8C1A}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{B6CC8583-FBBA-4D90-8460-DFB5E0F8F73F}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{2DFFC29E-85AF-4B4C-B08A-8E4BCA225A4C}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{6E044BC1-3C3D-4A43-A36C-B9FA1F24C2F8}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{85565CB8-D766-4CE1-A1D7-EC2F06D56D0D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{9E6271DA-D147-4D25-B8DB-4496680E1D2E}"= UDP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{6E95B806-4F8A-4BA7-9381-F24557389A3D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{13D787A6-DCF2-4651-83BD-D07DA13AC9CF}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{4EAEE5C2-CDA8-4255-99C8-D94DA4E1BCC5}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{DF763F49-9315-400D-828C-FD5B53BF2D13}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{F8F4AE8E-5D89-4FBE-849D-B6480125E811}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{72DCF2D9-2006-403F-813F-FA22245A991B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EE600911-60C3-4C08-BF88-7FBC6D1784A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CA211251-5672-4A84-BF2C-BC74450FFA21}"= UDP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{117BA98D-97C1-4AE3-9648-3155F6B740A7}"= TCP:C:\Program Files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{B186140F-19D9-4566-8F48-575FF5E3A23E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D3239B80-FBF6-40E9-8F48-C49AB64CD28A}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= UDP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"UDP Query User{CFCB1908-0B61-463D-94A9-905EE7E01255}C:\\users\\frederic\\desktop\\nexuiz-23\\nexuiz\\nexuiz.exe"= TCP:C:\users\frederic\desktop\nexuiz-23\nexuiz\nexuiz.exe:nexuiz.exe
"{47104578-6A78-4FAD-A71E-35354CC31E5E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8912BD10-9BD4-448F-B473-1AB1ECDEE71D}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{4DA9D651-C7B2-468C-831E-4E4B90DD307E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{076F64E3-0829-4ED9-83D4-EA7996FE6BDC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2A38049E-8004-4395-9957-679A4FD2AC49}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6E5710DE-16B3-4384-AC0E-923DA5C96295}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{79DE53FD-47DF-4EBF-BB8D-599BCCE8C242}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{C857DA63-0306-4D3F-830A-20A80ABB026B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F19AF496-F1A4-4215-BE45-551EEC2295EA}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{14CE4F04-2D64-4E2E-B4A9-376046425F2C}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{CE89A6E4-3D87-450C-8D2A-6B37E1FAAED0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5A069EA-E9B4-4E8E-A377-430FEB888101}"= UDP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"{92397BC4-79E1-4FC7-949E-3A2F697953BD}"= TCP:C:\Program Files\RealVNC\VNC4\winvnc4.exe:VNC Server
"TCP Query User{DFDA3337-753C-4906-8AD3-E302ACA0A0AF}C:\\program files\\allocam multi visio\\allocam.exe"= UDP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"UDP Query User{0027B833-14AB-402C-88EF-6BB2A721FB3D}C:\\program files\\allocam multi visio\\allocam.exe"= TCP:C:\program files\allocam multi visio\allocam.exe:Multi Video
"{A9EE2371-9F39-42D3-9468-BA7D3C57780D}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C72BAA33-E96D-4531-9441-F0EB59A91051}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{111B2816-1B62-454A-9FE5-C5B2B47E107C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9A8EAE1F-34D5-43F8-96E3-5C1E785BB9A4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B205DAAD-B42A-4333-A439-AB8693ACB72A}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= UDP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"UDP Query User{E90F3CFE-45AF-486F-A62B-EC84DD144481}C:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= TCP:C:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"{6A0F86D2-2973-4164-A673-06C54933F0BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BB46A7FF-8203-4378-BDB0-D7810F943B6E}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{455C1855-25BA-4157-847A-36BDADDAC47B}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{67E03889-E93C-4047-9BF5-0DFA6937C0B9}C:\\program files\\safari\\safari.exe"= UDP:C:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{607202CD-7C77-4A0F-BA58-DE499A85CC3D}C:\\program files\\safari\\safari.exe"= TCP:C:\program files\safari\safari.exe:Safari Web Browser
"{2538D5C3-8E2E-4872-9268-788A942B898C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B3E2F069-D82C-4EF9-ACD9-9CCDEE5BD28A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{065DF47C-B03A-48A9-B87A-16141A964B39}C:\\program files\\warrock\\system\\warrock.exe"= UDP:C:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{28EFD4CE-930B-4D0B-8B78-784BA7BE7774}C:\\program files\\warrock\\system\\warrock.exe"= TCP:C:\program files\warrock\system\warrock.exe:WarRock
"{F34B3DA7-43F6-4B23-85F6-FBC14F01A52D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7467093A-3164-4E3F-8754-D25E7C52F8F8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{63037BD3-3934-43A2-8297-85C288F1F229}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{6F501AFF-DE91-4292-A487-8466EE07552B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{D456867E-EFB8-47F8-AA13-9F1A2CB859B6}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{0156D569-342C-4AF2-A8D5-CED27026A6C8}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"TCP Query User{199AF94B-0162-4F36-9E52-8842FFF3BD07}C:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{EBCF9274-59DC-4EF7-85FC-724CB9F00B6B}C:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{EF92345B-6085-430B-B6AB-937235612DD4}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{A20B4E94-D633-4F7D-AB24-E0CB7F64C243}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{74DCB3D3-4180-4074-99EA-9B347CF84AF9}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{14A8A063-C4DD-4C4C-9AE6-8FBFFE341E36}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{32E6FF17-810C-41F0-BC0C-F1C6949E37F9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\ALLOCA~1\\allocam.exe"= C:\PROGRA~1\ALLOCA~1\allocam.exe:*:Enabled:Multi Video
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"6667:UDP"= 6667:UDP:*:Enabled:TOTOCAM UDP
"6666:TCP"= 6666:TCP:*:Enabled:TOTOCAM TCP

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-11 09:40]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-14 19:41]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-04-14 19:41]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S3 netr73;Sitecom RT73 Wireless Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 17:40]
S3 USB28xxBGA;WinTV HVR-900;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d92368-a33f-11dc-93d1-0018f3097dae}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-19 21:57:01 C:\Windows\Tasks\Auto Backup for frederic.job"
- C:\Program Files\Packard Bell\Packard Bell Software Suite\DSMsg.exe
"2008-06-20 11:27:16 C:\Windows\Tasks\User_Feed_Synchronization-{AF5C0371-3DE2-44D7-8718-0ABBC62C52B3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 13:59:58
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

C:\Windows\TEMP\TMP00000009D05F6F594CA35E40

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\CISVC.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-20 14:06:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 12:06:26
ComboFix2.txt 2008-06-11 13:49:33

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

358 --- E O F --- 2008-06-16 18:53:41

Réponse 30 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

File/Folder C:\Windows\system32\foxicokc.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_140941

Réponse 31 / 35

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

ok encore des soucis? Installé spywareblaster pour immuniser ton system en partie contre vundo. Colle moi un rapport antivir pour vérifier

Réponse 32 / 35

freddypark Messages postés 56 Date d'inscription Statut Membre Dernière intervention

re rapprort antivir

Avira AntiVir Premium
Report file date: dimanche 22 juin 2008 19:08

Scanning for 1350570 virus strains and unwanted programs.

Licensed to: frederic saulnier
Serial number: 1100813982-PEPWE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-FREDERIC

Version information:
BUILD.DAT : 8.1.0.344 19214 Bytes 28/05/2008 17:00:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 17:41:34
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 17:41:34
LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 17:41:37
LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 17:41:37
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:27:57
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 09:55:37
ANTIVIR3.VDF : 7.0.4.233 260608 Bytes 21/06/2008 10:09:03
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 17:41:40
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 20/06/2008 11:11:10
AESCN.DLL : 8.1.0.22 119157 Bytes 20/06/2008 11:11:09
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 17:29:43
AEPACK.DLL : 8.1.1.6 364918 Bytes 20/06/2008 11:11:08
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 20/06/2008 11:11:07
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 20/06/2008 11:11:06
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 09:20:00
AEGEN.DLL : 8.1.0.29 307573 Bytes 20/06/2008 11:11:04
AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 20:53:07
AECORE.DLL : 8.1.0.31 168310 Bytes 12/06/2008 07:30:42
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 17:41:34
AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 17:41:34
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 17:41:34
AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 17:41:32
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 17:41:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 17:41:38
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 17:41:38
NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 17:41:37
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 14/04/2008 17:41:29
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 17:41:29

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 22 juin 2008 19:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WinRAR.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'PowerSave.exe' - '1' Module(s) have been scanned
Scan process 'JMAPP3.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'STOPzilla.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'ecbl-lbp.exe' - '1' Module(s) have been scanned
Scan process 'robotaskbaricon.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wmdSync.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HDPBSSS.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SZServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
74 processes with 74 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '12' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Emilie\AppData\Local\Temp\tmp00029fd7
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48cebd96.qua'!
Begin scan in 'D:\' <TEMPORAIRE>
Begin scan in 'E:\' <jeux/films>
Begin scan in 'K:\' <DATA>

End of the scan: dimanche 22 juin 2008 23:51
Used time: 4:43:45 min

The scan has been done completely.

25671 Scanning directories
585342 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
585341 Files not concerned
5381 Archives were scanned
1 Warnings
1 Notes

plus de problemes merci bcp

Réponse 33 / 35

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

utilise ccleaner pour virer les traces
et les fichiers temporaires

https://www.malekal.com/tutoriel-ccleaner/

encore des soucis??????

Réponse 34 / 35

pascal

installe "Malwarebytes' Anti-Malware"

Réponse 35 / 35

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

Salut !!

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharger sur le bureau Navilog1 : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Si votre antivirus s'affole , le désactiver
= double-clic dessus pour l'installer et le lancer
Quand installé
= taper F
= Appuyer sur une touche jusqu' arriver aux options
= Choisir Recherche ( = taper 1 )
ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

un rapport : fixnavi.txt
dans ==> C :
le copier et le coller dans la réponse

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

slt
il a mis navilog déjà dans le message de depart

Discussions similaires

Softonic,est-ce un virus ?

Ouvrir un fichier .pub sans Publisher

Votre réponse

Discussions similaires